<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<% request.setCharacterEncoding("UTF-8"); %>
<%@ page import="java.sql.*" %>
<%@ page import="javax.servlet.http.Cookie" %>
<%@ page import="java.io.PrintWriter" %>
<%
    // 检查登录
    Cookie[] cookies = request.getCookies();
    String logonusername = null;
    if (cookies != null) {
        for (Cookie cookie : cookies) {
            if ("logonusername".equals(cookie.getName())) {
                logonusername = cookie.getValue();
                break;
            }
        }
    }
    request.setAttribute("logonusername", logonusername);
 
    // 获取表单数据
    String bid = request.getParameter("bid");
    String bookname = request.getParameter("bookname");
    String author = request.getParameter("author");
    String booknum = request.getParameter("booknum");
    String msg = request.getParameter("msg");
    
    //out.println(bookname);
 
    if (bid == null || bid.isEmpty()) {
        out.println("<script>alert('请求不合法！');window.location.href='../login.jsp';</script>");
        return;
    }
 
    Connection conn = null;
    PreparedStatement stmt = null;
    ResultSet ros = null;
    try {
        Class.forName("com.mysql.cj.jdbc.Driver");
        conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/books?useUnicode=true&characterEncoding=UTF-8&serverTimezone=UTC", "books", "books");
        // 检查权限
        String sqls = "SELECT state FROM users WHERE username = ? AND state = ?";
        stmt = conn.prepareStatement(sqls);
        stmt.setString(1, logonusername);
        stmt.setInt(2, 5); 
        ros = stmt.executeQuery();
        if (!ros.next() || ros.getInt("state") != 5) {
            out.println("<script>alert('抱歉！您没有管理的权限！');window.location.href='../index.jsp';</script>");
            return;
        }
 
        // 更新书籍信息
        String sql = "UPDATE book SET bookname = ?, author = ?, booknum = ?, msg = ? WHERE bid = ?";
        stmt = conn.prepareStatement(sql);
        stmt.setString(1, bookname);
        stmt.setString(2, author);
        stmt.setString(3, booknum);
        stmt.setString(4, msg);
        stmt.setString(5, bid);
        int rows = stmt.executeUpdate();
 
        if (rows > 0) {
            out.println("<script>window.location.href='../admin.jsp?sobook=" + bookname + "';</script>");
        } else {
            out.println("<script>alert('修改失败，请重试！');window.location.href='../admin.jsp?sobook=" + bookname + "';</script>");
        }
    } catch (Exception e) {
        e.printStackTrace(); 
        out.println("<script>alert('发生错误，请稍后再试！');window.location.href='../admin.jsp';</script>");
    } finally {
        closeResources(ros, stmt, conn);
    }
%>
 
<%!
    private void closeResources(ResultSet rs, PreparedStatement stmt, Connection conn) {
        try { if (rs != null) rs.close(); } catch (SQLException e) { /* ignored */ }
        try { if (stmt != null) stmt.close(); } catch (SQLException e) { /* ignored */ }
        try { if (conn != null) conn.close(); } catch (SQLException e) { /* ignored */ }
    }
%>